[tomcat7] 01/01: Fixed CVE-2016-3092: Denial-of-Service vulnerability with file uploads

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Tue Jun 28 09:24:40 UTC 2016 

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch jessie
in repository tomcat7.

commit 70a3a41e63ef4de6158eef683d36654e7aa7d8a0
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Wed Jun 22 11:48:57 2016 +0200

    Fixed CVE-2016-3092: Denial-of-Service vulnerability with file uploads
---
 debian/changelog                   |  6 ++++++
 debian/patches/CVE-2016-3092.patch | 29 +++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 36 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 6f4b6a0..b2d2320 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+tomcat7 (7.0.56-3+deb8u3) jessie-security; urgency=high
+
+  * Fixed CVE-2016-3092: Denial-of-Service vulnerability with file uploads
+
+ -- Emmanuel Bourg <ebourg at apache.org>  Wed, 22 Jun 2016 11:48:45 +0200
+
 tomcat7 (7.0.56-3+deb8u2) jessie-security; urgency=high
 
   * Team upload.
diff --git a/debian/patches/CVE-2016-3092.patch b/debian/patches/CVE-2016-3092.patch
new file mode 100644
index 0000000..37a38bb
--- /dev/null
+++ b/debian/patches/CVE-2016-3092.patch
@@ -0,0 +1,29 @@
+Description: Fixes CVE-2016-3092: Denial-of-Service vulnerability
+Origin: backport, https://svn.apache.org/r1743480
+--- a/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
++++ b/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
+@@ -282,11 +282,6 @@
+             byte[] boundary,
+             int bufSize,
+             ProgressNotifier pNotifier) {
+-        this.input = input;
+-        this.bufSize = bufSize;
+-        this.buffer = new byte[bufSize];
+-        this.notifier = pNotifier;
+-
+         // We prepend CR/LF to the boundary to chop trailing CR/LF from
+         // body-data tokens.
+         this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+@@ -294,6 +289,12 @@
+             throw new IllegalArgumentException(
+                     "The buffer size specified for the MultipartStream is too small");
+         }
++
++        this.input = input;
++        this.bufSize = Math.max(bufSize, boundaryLength*2);
++        this.buffer = new byte[this.bufSize];
++        this.notifier = pNotifier;
++
+         this.boundary = new byte[this.boundaryLength];
+         this.keepRegion = this.boundary.length;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index e1e7cdb..da20b83 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,4 @@ CVE-2015-5351.patch
 CVE-2016-0706.patch
 CVE-2016-0714.patch
 CVE-2016-0763.patch
+CVE-2016-3092.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git

More information about the pkg-java-commits mailing list